Only encode hir::Safety::Safe in metadata.

While `Unsafe` is much less common, a failure to encode it would make downstream crates default to `Safe` and think a thing marked as unsafe is actually safe

Author: oli-obk

compiler/rustc_hir/src/hir.rs

@@ -4186,8 +4186,13 @@ impl<'hir> Item<'hir> {
 }
 
 #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Debug)]
-#[derive(Encodable, Decodable, HashStable_Generic)]
+#[derive(Encodable, Decodable, HashStable_Generic, Default)]
 pub enum Safety {
+    /// This is the default variant, because the compiler messing up
+    /// metadata encoding and failing to encode a `Safe` flag, means
+    /// downstream crates think a thing is `Unsafe` instead of silently
+    /// treating an unsafe thing as safe.
+    #[default]
     Unsafe,
     Safe,
 }

compiler/rustc_metadata/src/rmeta/decoder.rs

@@ -1187,7 +1187,7 @@ impl<'a> CrateMetadataRef<'a> {
     }
 
     fn get_safety(self, id: DefIndex) -> Safety {
-        self.root.tables.safety.get(self, id).unwrap_or_else(|| self.missing("safety", id))
+        self.root.tables.safety.get(self, id)
     }
 
     fn get_default_field(self, id: DefIndex) -> Option<DefId> {

compiler/rustc_metadata/src/rmeta/encoder.rs

@@ -1697,7 +1697,7 @@ impl<'a, 'tcx> EncodeContext<'a, 'tcx> {
             }));
 
             for field in &variant.fields {
-                self.tables.safety.set_some(field.did.index, field.safety);
+                self.tables.safety.set(field.did.index, field.safety);
             }
 
             if let Some((CtorKind::Fn, ctor_def_id)) = variant.ctor {

compiler/rustc_metadata/src/rmeta/mod.rs

@@ -402,6 +402,7 @@ define_tables! {
     cross_crate_inlinable: Table<DefIndex, bool>,
     asyncness: Table<DefIndex, ty::Asyncness>,
     constness: Table<DefIndex, hir::Constness>,
+    safety: Table<DefIndex, hir::Safety>,
 
 - optional:
     attributes: Table<DefIndex, LazyArray<hir::Attribute>>,
@@ -411,7 +412,6 @@ define_tables! {
     associated_item_or_field_def_ids: Table<DefIndex, LazyArray<DefIndex>>,
     def_kind: Table<DefIndex, DefKind>,
     visibility: Table<DefIndex, LazyValue<ty::Visibility<DefIndex>>>,
-    safety: Table<DefIndex, hir::Safety>,
     def_span: Table<DefIndex, LazyValue<Span>>,
     def_ident_span: Table<DefIndex, LazyValue<Span>>,
     lookup_stability: Table<DefIndex, LazyValue<hir::Stability>>,

compiler/rustc_metadata/src/rmeta/table.rs

@@ -37,8 +37,17 @@ impl IsDefault for ty::Asyncness {
 impl IsDefault for hir::Constness {
     fn is_default(&self) -> bool {
         match self {
-            rustc_hir::Constness::Const => false,
-            rustc_hir::Constness::NotConst => true,
+            hir::Constness::Const => false,
+            hir::Constness::NotConst => true,
+        }
+    }
+}
+
+impl IsDefault for hir::Safety {
+    fn is_default(&self) -> bool {
+        match self {
+            hir::Safety::Safe => false,
+            hir::Safety::Unsafe => true,
         }
     }
 }
@@ -204,13 +213,6 @@ fixed_size_enum! {
     }
 }
 
-fixed_size_enum! {
-    hir::Safety {
-        ( Unsafe )
-        ( Safe   )
-    }
-}
-
 fixed_size_enum! {
     hir::CoroutineKind {
         ( Coroutine(hir::Movability::Movable)                                          )
@@ -343,6 +345,28 @@ impl FixedSizeEncoding for hir::Constness {
     }
 }
 
+impl FixedSizeEncoding for hir::Safety {
+    type ByteArray = [u8; 1];
+
+    #[inline]
+    fn from_bytes(b: &[u8; 1]) -> Self {
+        match b[0] {
+            0 => hir::Safety::Unsafe,
+            1 => hir::Safety::Safe,
+            _ => unreachable!(),
+        }
+    }
+
+    #[inline]
+    fn write_to_bytes(self, b: &mut [u8; 1]) {
+        debug_assert!(!self.is_default());
+        b[0] = match self {
+            hir::Safety::Unsafe => 0,
+            hir::Safety::Safe => 1,
+        }
+    }
+}
+
 // NOTE(eddyb) there could be an impl for `usize`, which would enable a more
 // generic `LazyValue<T>` impl, but in the general case we might not need / want
 // to fit every `usize` in `u32`.